Executive Summary

Summary
Title Vulnerabilities in Cisco Video Surveillance Products
Informations
Name cisco-sa-20090624-video First vendor Publication 2009-04-15
Vendor Cisco Last vendor Modification 2009-06-24
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet.

Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

OpenVAS Exploits

Date Description
2009-06-30 Name : Ubuntu USN-789-1 (gst-plugins-good0.10)
File : nvt/ubuntu_789_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55348 Cisco Video Surveillance 2500 Series IP Camera Embedded Web Server Unspecifie...
55347 Cisco Video Surveillance Stream Manager xvcrman Process Malformed UDP Packet ...